Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

AP booting process

  • 1.  AP booting process

    Posted Feb 12, 2013 06:09 AM

    I have managed my wireless network for 7/8 years. Last week we were migrating from M1 to M3 on my master controller; in the meantime some of my APs were down and they couldn't come up again because they couldn't reach the master (it was down due to the M1 to M3 migration). The question is:

     

    Can a campus AP boot up without a master controller?

     

    I have statically configured the master and serverip commands in all my APs, but even after setting "setenv serverip  ip-of-local-controller" my APs are not able to boot up if they can't reach a master.

     

    Is it normal??



  • 2.  RE: AP booting process

    Posted Feb 12, 2013 06:40 AM

    Hi.

    If the AP will not be able to reach the new controller - you will not see it UP.

    [if u change AOS - the AP needs to get the new AOS from the controller via TFTP]

     

    Here is some info regarding ADP:

    Aruba AP Discovery Process

    I. Aruba ADP

    Once the AP receives the IP address of the master controller, the AP uses this address as the IP address of a TFTP server and downloads its software image.  After the AP completes the download of its image, it repeats the boot-up process to obtain the same IP address of the master controller for bootstrapping/obtaining its configuration.
     
    The ADP protocol is the first method that all Aruba APs will use to discover the master. The ADP protocol works as follows:
    1  AP sends out a discovery packet
    2  Master responds with its own loopback address – local controllers may also respond with the loopback address of the master
    3  AP connects to the correct controller and downloads its configuration as well as any new firmware
    4  AP reboots and goes operational with correct configuration

     

    1  Auto Discovery Protocol (ADP) – broadcast 

    In the broadcast version of ADP, an Aruba AP sends out broadcast packets using the broadcast address 255.255.255.255.  The master or local controllers will then respond to the AP with the master loopback address.

    Comment:

    Important:  This method requires the master or other controllers to be located on the same Layer 2 network as the AP.

    CLI:

    (Aruba2400) (config) #adp discovery enable
    (Aruba2400) (config) #adp igmp-join disable

     

    2  Auto Discovery Protocol (ADP) -  multicast 

    With the multicast version, an Aruba AP sends out IP multicast packets using the group address 224.0.82.11. The controllers will reply to the AP with its own loopback IP address.  

    Comment:

    This method requires the network to correctly pass multicast traffic between the AP and the controllers. 

    CLI:

    (Aruba2400) (config) #adp discovery enable
    (Aruba2400) (config) #adp igmp-join enable

     

    3  Dynamic Host Configuration Protocol (DHCP Option 43)

    DHCP servers are a popular way of configuring clients with basic networking information such as an IP address, a default gateway, network mask, DNS server, etc. Most DHCP servers have the ability to also send a variety of optional information as well. One of these is the Vendor-Specific Option Code, often called option 43.
     
    Here is how option 43 works:
     
    1  The DHCP client on an Aruba AP adds an optional piece of information called the Vendor Class Identifier Code (Option 60) to its DHCP request. The value of this code is ArubaAP
    2  The DHCP server sees the vendor information and checks if it has option 43 configured, if it does, it will send the Vendor-Specific Option Code (43) to the client. The value of this option is the loopback address of the Aruba master
    3  The AP gets a response from the DHCP server and checks if option 43 was returned, if it was, the AP contacts the master using the supplied IP address

     

    4  Domain Name Services – DNS lookup
    In most cases this is the most popular discovery method. It has the advantage of working very well across both Layer 2 and Layer 3 networks.  If an Aruba AP fails to receive the IP address of the master controller via DHCP or either ADP method, the AP will use the IP address of the domain name server it received from DHCP to perform a DNS lookup.

    Comment:

    This method requires a DNS host entry that corresponds to the name of the master. By default, APs look for the entry aruba-master.

     

    II. AP Boot Sequence

    Aruba AP Dynamic boot sequence

    1 AP learns AP Name / AP Group from bootrom
    2 AP sends out DHCP request for IP address
    3 If DHCP response includes vendor option 43 (masterip), AP will use this for Master IP address
    4 If no vendor option specified, AP sends “ADP” packet to Multicast group 239.0.82.11
    5 If no response to Multicast ADP, AP sends “ADP” packet as L2/L3 broadcast (configure Master Aruba controller as a DHCP helper recipient)
    6 If no response, AP sends DNS query to server given by DHCP for “aruba-master.domain.com” where “domain.com” is domain given by DHCP.  AP will use this for Master IP address

    Once AP determines Master IP address, boot continues from Step 2 in Static config

     

    AP Static boot sequence
    1 AP loads variables from bootrom
    2 AP sends message to Aruba controller with its AP Name / AP Group
    3 If needed, AP sends a TFTP request to Aruba controller and downloads OS image (establish PAPI (UDP 8211) connection to the wireless switch) (control protocol)
    4 Based on the AP Name / AP Group, the current controller may take control of this AP or direct it to another controller
    5 AP authenticates to controller and establishes GRE tunnel

    The client communicates with the AP, and the AP forwards the data to the wireless controller through the GRE tunnel.

    III. Configuration

     

    adp discovery {disable|enable} igmp-join {disable|enable} igmp-vlan <vlan>

     

    (host) #show adp config

    ADP Configuration
    -----------------
    key        value
    ---        -----
    discovery  enable
    igmp-join  enable
    igmp-vlan  0

     

    Some Aruba AP boot\pre-boot command syntax examples:

     

    Pre-boot Commands:

     

    apboot> help
    ?              - alias for 'help'
    boot           - boot the OS image
    clear          - clear the OS image or other information
    date           - get/set/reset date & time
    dhcp           - invoke DHCP client to obtain IP/boot params
    factory_reset  - reset to factory defaults
    help           - print online help
    mfginfo        - show manufacturing info
    ping           - send ICMP ECHO_REQUEST to network host
    printenv       - print environment variables
    purgeenv       - restore default environment variables
    reset          - Perform RESET of the CPU
    saveenv        - save environment variables to persistent storage
    setenv         - set environment variables
    tftpboot       - boot image via network using TFTP protocol
    upgrade        - upgrade the APBoot or OS image
    version        - display version

     

    Environment Variables:

     

    bootdelay=2
    baudrate=9600
    autoload=n
    boardname=Talisker
    servername=aruba-master
    bootcmd=boot ap
    autostart=yes
    bootfile=mips32.ari
    ethaddr=d8:c7:c8:XX:XX:XX
    os_partition=0
    ethact=eth0
    gatewayip=192.168.1.1
    netmask=255.255.255.0
    dnsip=8.8.8.8
    name=IAP105
    domainname=arubanetworks.com
    ipaddr=192.168.1.101
    stdin=serial
    stdout=serial
    stderr=serial

     

     

    Hope it will give u some idea.

    If this post helped u - please mark as a solution and K+ [the star button]. Thanks :]



  • 3.  RE: AP booting process

    Posted Jun 12, 2015 03:32 PM

    As an additional note, if you have IPv6 enabled on the network that the AP is in, and it is different from the controller network, you need to have the domain search string sent to the AP during boot.  We used the dhcpv6.domain-search option (option 24) in the DHCPv6 server.  Without it, some APs will bomb out looking for aruba-master, since it will not append your domain name without option 24 being set.  Or you can change each AP's setenv domainname via console.



  • 4.  RE: AP booting process

    Posted Feb 12, 2013 06:42 AM

    More info:

    ------------

     

     

    First of all, the AP needs information for its boot process and information about the controller it should connect to. This information is held in environment variables. These are the only parameters that are stored on the AP. You can show them with the printenv command. Example:

    apboot> printenv
    boardname=Muscat
    autostart=yes
    baudrate=9600
    bootcmd=boot ap
    bootdelay=2
    bootfile=mips.ari
    ethaddr=00:0b:86:c6:28:9a
    name=AP70 MeshPoint
    group=APGroup_Mesh_Point_with_Client_Power17_Channel6
    fqln=AP70 MeshPoint.Floor 1.New Building.Weisser Riese
    servername=aruba-master
    a_antenna=0
    g_antenna=0
    auto_prov_id=0
    mesh_role=1

    After booting and connecting to the controller, the AP loads some more information:

    BSSID 00:1a:1e:ed:38:c0
    LMS IP x.x.x.x
    Master IP y.y.y.y
    Mode AP Mode
    QBSS Probe Response Allow Access
    Native VLAN ID 1
    SAP MTU 1500 bytes
    Heartbeat DSCP 0
    High throughput enable (radio) Disabled
    Channel 6
    Beacon Period 100 msec
    Transmit Power 14 dBm
    Advertise TPC Capability Disabled
    Enable CSA Disabled
    CSA Count 4
    Management Frame Throttle interval 1 sec
    Management Frame Throttle Limit 20
    VoIP Aware Scan Disabled
    Power Save Aware Scan Enabled
    Load aware Scan Threshold 1250000 Bps
    Country Code DE
    ESSID TestSSID
    Encryption wpa2-aes
    WPA2 Pre-Auth Disabled
    DTIM Interval 1 beacon periods
    802.11g Basic Rates 11 12 18 24 36 48 54
    802.11g Transmit Rates 11 12 18 24 36 48 54
    Station Ageout Time 1000 sec
    Max Transmit Attempts 15
    RTS Threshold 2333 bytes
    Short Preamble Enabled
    Max Associations 25
    Wireless Multimedia (WMM) Disabled
    WMM TSPEC Min Inactivity Interval 0 msec
    DSCP mapping for WMM voice AC N/A
    DSCP mapping for WMM video AC N/A
    DSCP mapping for WMM best-effort AC N/A
    DSCP mapping for WMM background AC N/A
    Hide SSID Disabled
    Deny_Broadcast Probes Disabled
    Local Probe Response Enabled
    Battery Boost Disabled
    Maximum Transmit Failures 32
    BC/MC Rate Optimization Disabled
    VLAN 2
    Forward mode tunnel

    You can see that there is no information that is confidential.
    After that the AP builds a Tunnel for every configured WLAN to the Controller.
    The tunnels are used to send all Traffic to the Controller.

    On the controller all traffic is decrypted. After that it passes through the firewall engine, ARP table, ...

    The remote AP saves configuration information that allows it to
    operate autonomously using one or more SSIDs in local bridging mode while
    supporting open association or encryption with PSKs.

     

    If this post helped u - please mark as a solution and K+ [the star button]. Thanks :]



  • 5.  RE: AP booting process

    Posted Feb 12, 2013 07:08 AM

    The following events happened:

    My AP was already up and working fine; it is statically configured before being plugged into the network with:

     

        setenv ipaddr  "ip ap"

        setenv master   "ip mastercontroller"

        setenv serverip  "ip mastercontroller"

     

    So, we don't use ADP, DNS or DHCP to get the AP's own IP or the master IP. Once the AP contacts the master, it gets LMS IP = local controller IP (different from the master). Then the master goes down and also the AP, but after going down, the AP is unable to properly reboot.

     

    The AP doesn't need to get any new AOS because it has the correct one and is closing the tunnel with a local controller different from the master, so why is it unable to go up? Does it need to reach the master for something?

     

     



  • 6.  RE: AP booting process

    Posted Feb 12, 2013 07:22 AM
    Send a screenshot of your LMS/BACKUP LMS settings in the ap-system profile that belongs to the AP-Group you are trying to provision the AP to.


  • 7.  RE: AP booting process

    Posted Feb 12, 2013 07:46 AM

    1-What AP models you got that are not going up?

    2-Are they all the same model?

    3-What firmware you got on those M3?

    4-Are the APs that are not going up RAPs?

    5-On the APs that are working do show print

    6-On the APs that aren't working do show print also on AP console.

     

    Also, if you can, when you are consoling, copy and paste the boot process to see what's happening.

     

     



  • 8.  RE: AP booting process

    Posted Feb 12, 2013 07:50 AM

     

    setenv ipaddr 172.16.3.223
    setenv netmask 255.255.255.0
    setenv gatewayip 172.16.3.1
    setenv serverip 172.16.3.221
    setenv master 172.16.3.221
     
    That's an example... I see you are just putting the IP of the AP... I'm assuming you did just that.... and didn't change the gateway and netmask or didn't set it.... if you did all that then forget this post. :)
     
     

     



  • 9.  RE: AP booting process

    Posted Feb 12, 2013 08:20 AM

    setenv ipaddr 192.168.208.19

    setenv netmask 255.255.255.0
    setenv gatewayip 192.168.208.1
    setenv serverip 192.168.12.5
    setenv master 192.168.12.5

     

    This is the config I normally use statically for one AP. 192.168.12.5 is the VRRP IP shared between my master controller and another local controller, the master controller being the active one for the VRRP group.
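
An added example, not part of any post in this thread and not Aruba code: a Python check that reads `printenv` output or `setenv` lines like those posted above and reports whether the AP has a static master or relies on discovery, along with the addressing gaps raised in reply 8. The function names and finding texts are assumptions of this example; the discovery order and the `aruba-master` default are taken from reply 2, and the sample inputs are constructed from values shown in the thread.

```python
import ipaddress

# Discovery order as listed in the dynamic boot sequence of reply 2.
DISCOVERY_ORDER = ("DHCP option 43", "ADP multicast", "ADP broadcast", "DNS lookup")

def parse_env(text):
    """Parse apboot 'printenv' lines (name=value) or 'setenv name value' lines."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("apboot>"):
            line = line[len("apboot>"):].strip()
        if line.startswith("setenv "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                env[parts[1]] = parts[2].strip('"')
        elif "=" in line:
            name, _, value = line.partition("=")
            env[name.strip()] = value.strip()
    return env

def _ip(value):
    """Return an ip_address object, or None if value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def audit(env):
    """Classify the boot path and list addressing gaps for one AP environment."""
    findings = []
    master = env.get("master") or env.get("serverip")
    ipaddr = env.get("ipaddr")
    if ipaddr:
        if "netmask" not in env:
            findings.append("ipaddr is set but netmask is not")
        else:
            net = ipaddress.ip_network(f"{ipaddr}/{env['netmask']}", strict=False)
            gw = _ip(env.get("gatewayip", ""))
            if gw is not None and gw not in net:
                findings.append("gatewayip is outside the AP's subnet")
            m = _ip(master or "")
            if m is not None and m not in net and gw is None:
                findings.append("master is on another subnet and gatewayip is not set")
    if master:
        return {"mode": "static", "master": master, "dns_name": None, "findings": findings}
    # No static master: the last discovery step is a DNS lookup of servername.domainname.
    name = env.get("servername", "aruba-master")
    domain = env.get("domainname")
    if not domain:
        findings.append("no domainname stored: DNS step depends on the domain given by DHCP")
    dns_name = f"{name}.{domain}" if domain else name
    return {"mode": "discovery", "master": None, "dns_name": dns_name, "findings": findings}

# Constructed inputs: static settings as in reply 9, and a subset of the
# environment variables listed in reply 2.
STATIC_OK = """setenv ipaddr 192.168.208.19
setenv netmask 255.255.255.0
setenv gatewayip 192.168.208.1
setenv serverip 192.168.12.5
setenv master 192.168.12.5"""
DISCOVERY = """apboot> printenv
servername=aruba-master
gatewayip=192.168.1.1
netmask=255.255.255.0
domainname=arubanetworks.com
ipaddr=192.168.1.101"""
NO_GATEWAY = """apboot> setenv ipaddr 192.168.208.19
apboot> setenv netmask 255.255.255.0
apboot> setenv master 192.168.12.5"""

if __name__ == "__main__":
    for label, text in (("static", STATIC_OK), ("discovery", DISCOVERY), ("no gateway", NO_GATEWAY)):
        print(label, audit(parse_env(text)))
    print("discovery order:", " -> ".join(DISCOVERY_ORDER))
```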



  • 10.  RE: AP booting process

    Posted Feb 12, 2013 08:25 AM

    Could you please answer the other questions I asked? :)

    1-What AP models you got that are not going up?

    2-Are they all the same model?

    3-What firmware you got on those M3?

    4-Are the APs that are not going up RAPs?

    Also, if you can, when you are consoling, copy and paste the boot process to see what's happening.



  • 11.  RE: AP booting process

    Posted Feb 12, 2013 08:28 AM

    Are you using VRRP for redundancy or LMS?

    VRRP is an L2 failover

    While LMS is an L3 failover...

     

     



  • 12.  RE: AP booting process

    Posted Feb 12, 2013 07:52 AM

    Print for us some screenshots of the LMS/BACKUP LMS settings u did - AP system profile

    and also the AP-GROUP settings + AP installation page [from the GUI]

    or, if u prefer, copy&paste CLI outputs.

    It will help us help u



  • 13.  RE: AP booting process

    Posted Feb 12, 2013 08:16 AM

    ap system-profile "cierre_tunel_Desam_backup12.5"
       lms-ip 192.168.208.7
       bkup-lms-ip 192.168.12.5
       lms-preemption
       bootstrap-threshold 30
       request-retry-interval 15
       max-request-retries 15
       keepalive-interval 80

     


    ap-group "O11-Biblioteca"
       virtual-ap "perfil_red_eduroam"
       virtual-ap "perfil_red_Iumhnet"
       virtual-ap "perfil_red_Iumhweb"
       ap-system-profile "cierre_tunel_Desam_backup12.5"
       dot11a-traffic-mgmt-profile "perfil_preferred_access"
       dot11g-traffic-mgmt-profile "perfil_preferred_access"

     

     

    192.168.208.7 is my local controller

    192.168.12.5 is a VRRP ip shared between the master controller and other controller different from 208.7.

     

    If the master controller is down (I can also reach 192.168.12.5) and I reboot an AP from ap-group O11-Biblioteca, those APs can't get up and running.



  • 14.  RE: AP booting process

    Posted Feb 13, 2013 12:21 PM
    Let me clarify a bit more.
    At my main campus I have 2 6000 controllers sharing vrrp ip 192.168.12.5, one of them is the master and the other is a local.
    In a remote campus, I have other 6000 controller as local, ap at remote campus have lms ip to their local controller and backup lms ip to the vrrp ip


  • 15.  RE: AP booting process

    Posted Feb 13, 2013 12:34 PM

    Okay but you said you moved for a M3

    I want to know which firmware that has.... And also which firmware it had before...

    For example

    if you pass from an early version of 3.x and you try to point them to a new M3 with version for example 6.1.3 then it won't work...

    You need to go through the correct upgrade process for the APs... I don't know if you got what I'm telling you? Otherwise you will have that issue that some APs won't go up...



  • 16.  RE: AP booting process

    Posted Feb 13, 2013 01:46 PM
    Ok
    Let me explain more, my M1 runs 5.0.3, I uninstalled M1 from the master, then before installing the new M3 the local controller at remote campus went down, so I only had one local controller at main campus which had ip 192.168.12.5 (vrrp shared with master down at that time)
    The question is why ap 65 at remote campus were not able to close tunnel with 192.168.12.5 (lms ip backup)?


  • 17.  RE: AP booting process

    Posted Feb 13, 2013 01:58 PM

    ahhh okay

     

    So you basically got this and you were kind of confusing me.

     

    Main site

    VRRP 2 6000s

     

    One will be the master and the other one should be the master in standby

     

    On the remote SITE you got another 6000 which is the local controller managed by the master on the central site.

     

    You took the M1 out of the master and on the remote site all the APs went down, which should not happen....

     

    I got a few questions

     

    1-Is the remote controller on the remote site on another network?

    2-If it is, then are the APs on the remote site terminating on the local controller on the remote site? Because if they were pointing to the master controller on the central site of course they will all go down... if on the standby controller you have no license... which I don't know if you have all the licenses just like in the master active?

    3-Are the remote site APs terminating on the local remote controller?

     

    Note: You should put all the controllers on the same firmware, otherwise all this won't work...

    Sorry if the questions seem a bit dumb but I'm trying to cover the basics first... and I actually got almost no info of your deployment

     

    Seems you speak Spanish... you can private message me if you want, I speak Spanish as well... if I can help you I will.

     

    Cheers

    Carlos



  • 18.  RE: AP booting process

    Posted Feb 13, 2013 02:17 PM

    As for your original question the AP should be able to boot without the master controller...

    If they are terminating on the local controller on the remote site and they have license... they should...

     

    The only thing you won't be able to do without a master is config changes on the profiles... you can do on the networking but not on the profiles... and if they are correctly terminating on the local, in this case remote, controller on the remote site, they should be able to go up...

     

     



  • 19.  RE: AP booting process

    Posted Feb 13, 2013 04:07 PM
    Things didn't happen exactly as you said,
    Main site: two controllers 6000, one of them is the master and the other is local (not backup master), both of them with the same license and AOS 5.0.3, both controllers share a vrrp group with virtual ip 192.168.12.5
    Remote site: one 6000 with 5.0.3 and the same licenses as central site.

    I did shutdown to master to change the M1, but before changing the controller, in fact I left the network without master for 1 day because I planned to install M3 next day, then my remote 6000 controller went accidentally down.
    In this situation, I only had up one local controller at central site.
    At remote site, all my ap were not able to make the tunnel with 192.168.12.5 (vrrp active in local controller at central site)
    Answers:
    Remote controller has ip in different network as central master and local controllers
    Ap in remote site make tunnel with remote controller and also have lms backup ip to vrrp ip

    If the remote controller goes down, then the remote APs should make the tunnels with the LMS backup IP, and that was not the behaviour

    Yes, you are right, I speak Spanish. How can I send you a private message?


  • 20.  RE: AP booting process

    Posted Feb 13, 2013 04:55 PM

     

     

    You send private messages by clicking at the top next to your nickname, where there is something like an envelope icon... go in there and you can send me messages: choose compose a new message, enter my nickname and the message, and that's it.


    As I told you above, I am trying to work with the information you give me, but it is not complete, so I have to keep guessing or assuming certain things....

     

     



  • 21.  RE: AP booting process

    Posted Feb 13, 2013 05:00 PM

    I already sent you a private message.

     

    Cheers

    Carlos



  • 22.  RE: AP booting process

    Posted Feb 14, 2013 05:20 PM

    As a follow-up for this topic, Garcia gave me more detailed info

     

    1-In the central site he has 2 6000s  Master and the other one is local

    2-In the remote site he has another 6000  which is local

    3-He has VRRP running between master and local on the central site

    4-He left the central site without master to migrate from an M1 to M3

    5-He leaves the site and at that time there is a power outage on the remote site... so it seems that all the APs need to fail over to the local controller on the central site.   On the AP group on the remote site he has as backup LMS the VRRP IP address of the central site.

     

    My guess is

    1-VRRP is not working properly

    2-CPsec table is not synchronized... so the APs cannot terminate on that local controller.... it is supposed to synchronize automatically but who knows, so I asked him to look at that...

     

    Any other recommendation is welcome, let's see if we can help this fellow with his issue.

     

    Cheers

    Carlos

     



  • 23.  RE: AP booting process
    Best Answer

    Posted Feb 15, 2013 12:43 PM

    As a summary of this, I was able to figure out what the issue was, or his concern about it...

    Like I said before he had

    1 Master

    2 Locals

     

    1 local in the central office

    1 local in the remote office

     

    The local controller in the central site has 98 APs, and can handle just 128 APs in total.... on the remote site he has way more APs... so even if he could fail over he wouldn't be able to have them all up, now he knows that.

     

    Now he was asking why the APs on the remote site were all down

    The situation was the following

    He took the M3 master on the central site which is the master

    At that time there is a power outage on the remote site

    All APs go down

     

    When they reboot they found that there is no local controller because, as far as I understood, maybe it's damaged...

    The APs just have the information in the NVRAM, which is the IP address of the master, its IP address, mask, master IP address and that kind of thing....

    But the information that it has in the RAM, which is the profiles and all that, is gone...

    Since the AP system profile was gone when the AP rebooted and found that its master controller is down, it was not able to download any profiles or anything from anywhere... because it does not have that config...  and that was the thing and that's what he was asking.

     

    Anyways, I guess this is all

     

    Cheers

    Carlos